
@LinuxPhreak
Created February 18, 2014 11:47
//The below PHP hashes the password correctly
<?php
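/**
 * Hash a password with bcrypt for storage.
 *
 * The salt is generated by password_hash() from the system CSPRNG. A
 * hand-built salt with a constant prefix, filled in by array_rand(), is
 * partly predictable; bcrypt only consumes the first 22 salt characters,
 * so a fixed prefix directly shrinks the random part.
 *
 * The result embeds its own salt and cost, so a login check must call
 * password_verify($input, $storedHash) rather than hashing again and
 * comparing strings.
 *
 * @param string $input  Plain-text password. bcrypt only uses the first 72 bytes.
 * @param int    $rounds bcrypt cost factor (4-31); each step doubles the work.
 *
 * @return string 60-character hash beginning with "$2y$".
 *
 * @throws InvalidArgumentException When $rounds is outside 4-31.
 * @throws RuntimeException         When no hash could be produced.
 */
function cryptPass($input, $rounds = 9) {
    $cost = (int) $rounds;
    // Reject an unusable cost up front so a failure marker never ends up
    // stored in place of a real hash.
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    $hash = password_hash((string) $input, PASSWORD_BCRYPT, array('cost' => $cost));
    if (!is_string($hash)) {
        throw new RuntimeException('Password hashing failed');
    }
    return $hash;
}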
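// Registration handler: stores the submitted e-mail with a hash of the password.
// Load the shared connection; the code below expects it to define $dbc.
include ('database_connection.php');
// Check connection and stop if it failed: nothing below can run without it.
if (mysqli_connect_errno())
{
    // Driver messages can name hosts and accounts, so they go to the log, not the page.
    error_log('Failed to connect to MySQL: ' . mysqli_connect_error());
    die('Failed to connect to MySQL');
}
// Accept only plain string fields; a missing or array-valued field counts as empty.
$email = (isset($_POST['Email']) && is_string($_POST['Email'])) ? $_POST['Email'] : '';
$password = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : '';
if ($email === '' || $password === '')
{
    die('Error: Email and Password are required');
}
$hashedPass = cryptPass($password);
// Both values are bound as parameters, so neither can change the shape of the
// statement and no manual escaping or quoting is needed.
$stmt = mysqli_prepare($dbc, 'INSERT INTO Collections (Email,Password) VALUES (?, ?)');
if (!$stmt || !mysqli_stmt_bind_param($stmt, 'ss', $email, $hashedPass) || !mysqli_stmt_execute($stmt))
{
    // Keep the SQL error in the server log; the visitor gets a generic message.
    error_log('Registration insert failed: ' . mysqli_error($dbc));
    die('Error: could not save the registration');
}
mysqli_stmt_close($stmt);
echo "Thank You";
mysqli_close($dbc);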
?>
//The PHP below does not check the hash. It works, but it doesn't turn the user's entered text into a hash before checking it against the database.
<?php
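/**
 * Hash a password with bcrypt for storage.
 *
 * password_hash() draws a fresh random salt on every call, so two hashes of
 * the same password differ. That makes this function unsuitable for a login
 * comparison: check a submitted password against the stored hash with
 * password_verify($input, $storedHash), which reads the salt and cost back
 * out of the stored value.
 *
 * @param string $input  Plain-text password. bcrypt only uses the first 72 bytes.
 * @param int    $rounds bcrypt cost factor (4-31); each step doubles the work.
 *
 * @return string 60-character hash beginning with "$2y$".
 *
 * @throws InvalidArgumentException When $rounds is outside 4-31.
 * @throws RuntimeException         When no hash could be produced.
 */
function cryptPass($input, $rounds = 9) {
    $cost = (int) $rounds;
    // An out-of-range cost is refused here instead of yielding a failure
    // marker that a caller might store as if it were a hash.
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    $hash = password_hash((string) $input, PASSWORD_BCRYPT, array('cost' => $cost));
    if (!is_string($hash)) {
        throw new RuntimeException('Password hashing failed');
    }
    return $hash;
}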
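// Login handler: looks the account up, then verifies the submitted password
// against the stored hash.
// Load the shared connection; the code below expects it to define $dbc.
include 'database_connection.php';
if (isset($_POST['submit'])) {
    // Accept only plain string fields; a missing or array-valued field counts as empty.
    $username = (isset($_POST['Email']) && is_string($_POST['Email'])) ? $_POST['Email'] : '';
    $passwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if ($username === '' || $passwd === '') {
        echo 'You did not fill in needed info';
    } else {
        $number = null;
        $storedHash = null;
        $found = false;
        // Look the row up by identifier only. The password never goes into the
        // SQL: the stored value is a salted hash, so it cannot be matched with
        // "=", and a bound parameter keeps the identifier from changing the query.
        // NOTE(review): the lookup column is Number while the form field is
        // named Email - confirm which column holds the login identifier.
        $stmt = mysqli_prepare($dbc, 'SELECT Number, Password FROM Collections WHERE Number = ? LIMIT 1');
        if ($stmt && mysqli_stmt_bind_param($stmt, 's', $username) && mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $number, $storedHash);
            $found = (mysqli_stmt_fetch($stmt) === true);
        } else {
            // Keep the SQL error in the server log; the visitor only sees 'Wrong'.
            error_log('Login lookup failed: ' . mysqli_error($dbc));
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
        // password_verify() re-hashes the input with the salt and cost embedded
        // in the stored hash and compares the results in constant time.
        if ($found && is_string($storedHash) && password_verify($passwd, $storedHash)) {
            session_start();
            // A new session id at login prevents reuse of an id fixed before authentication.
            session_regenerate_id(true);
            $_SESSION['Number'] = $number;
            header('location: dashboard.php');
            // Stop here so nothing further is sent after the redirect.
            exit;
        } else {
            // Same reply for an unknown account and a bad password.
            echo 'Wrong';
        }
    }
}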
?>
@LinuxPhreak
Author

Fixed. I used the following for the password registration:

$password = crypt($_POST['Password'], '$2a$');

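And then I used the same call for the login. (Note: '$2a$' is not a complete bcrypt salt string, since it carries no cost factor and no per-user salt, so this does not yield a properly salted bcrypt hash; password_hash() at registration and password_verify() at login are the supported pair.)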
